The software solution must be a cloud-hosted product. 2.3. Provider must use commercially reasonable efforts to prevent the loss of or damage to City Data in its possession and will maintain commercially reasonable backup procedures and copies to facilitate the reconstruction of any City Data that may be lost or damaged by Provider. Provider will maintain a comprehensive information security program to protect Provider’s Software and Hosted Services and City Data including logical and physical access, vulnerability, risk, and configuration management; incident monitoring and response; security education; and data protection The Provider must possess and maintain an ISO/IEC 27001 certification or equivalent information security management system (ISMS) certification for its data center(s) which shall only be located within the United States or its Territories.
